New Old Thing: Working with User Roles in Operations Manager 2012

There were no PowerShell cmdlets in OpsMgr 2007 for adding users to a user role, but by being creative, Boris Yanushpolsky of Microsoft developed a technique to deliver that capability. OpsMgr 2012 now includes the Set_SCOMUserRole cmdlet, which allows you to create user roles and add users to those roles. However, the cmdlet includes a ready-made parameter for every user profile type except the Report Operator role!

This role also cannot be created through the Operations Manager console. For OpsMgr 2007, Eugene Bykov of Microsoft wrote a script to create a Report Operator role. That script was modified by Neal Browne to be parameter-driven and discussed in System Center Operations Manager 2007 Unleashed (SAMS, 2008). While we could spend time delving into .Net methods to create a script to accomplish this in OpsMgr 2012, there is little point when we can reuse the existing OpsMgr 2007 R2 script. Pete Zerger has taken that script and modified it to work in OpsMgr 2012. Here’s how it works:

The old PowerShell snap-in in OpsMgr 2007 has been replaced by a new PowerShell module, which Pete describes in detail in “Breaking Down the Operations Manager 2012 Command Shell.” As Oscar Landman mentions in his post “OpsMgr 2012 Command Shell: More than meets the eye,” the old add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client” from OpsMgr 2007 has not disappeared entirely, and can be leveraged to run OpsMgr 2007 scripts in OpsMgr 2012. This enabled Pete to use the 2007 script after changing it to be a function.

Script Parameters:

Parameter Explanation
rootMS The FQDN or NetBIOS name of the RMS Emulator (since there’s no longer an RMS)
roleUserName The name User Role
roleDisplayName The Display Name of the role
roleDescription The description of the role

Sample OpsMgr 2007 Function

Below is the OpsMgr 2007 function, and a call to the function to create a user role (which works equally well on OpsMgr 2012).

Working with the New User Role

With the user role created, you can do the rest with the new OpsMgr 2012 cmdlets.

To retrieve role members, use Get-SCOMUserRole:

To add new members to the role, use Set-SCOMUserRole:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.